# Filters added to this controller apply to all controllers in the application.
# Likewise, all the methods added will be available for all controllers.

class ApplicationController < ActionController::Base
  helper :all # include all helpers, all the time

  # See ActionController::RequestForgeryProtection for details
  # Uncomment the :secret if you're not using the cookie session store
  protect_from_forgery # :secret => '414ea28b61b069e3944ef5e90971fa84'
  
   ########################################
  ##             Constantes             ##
  ADMINISTRADOR = 6
  COORDENADOR = 5
  TUTOR = 4
  PROFESSOR = 3
  ALUNO = 2
  USUARIO = 1
  ########################################
  
  # See ActionController::Base for details 
  # Uncomment this to filter the contents of submitted sensitive data parameters
  # from your application log (in this case, all fields with names like "password"). 
  # filter_parameter_logging :password
  
 protected
  def authenticate(cod)
   if not session[:usuario]
     session[:return_to] = request.request_uri
     redirect_to :controller => "plataforma", :action =>"index"
     flash[:notice] = "Invalid Login and/or Password"
     return false
   else
     puts  "acesso restrito"
     
   
    usuario = Usuario.find_by_id(session[:usuario])
    codigo = TipoUsuario.find_by_id(usuario.tipo_usuario_id)
    if codigo == cod     
      return true
     else     
      flash[:notice] = "Acesso Restrito"
      redirect_to :controller => "usuarios", :action =>"acessoRestrito"
      
    end
  end
  end
    
    
    # codigo = TipoUsuario.find_by_id(:usuario).codigo
    # puts "--------------------------------------------------------------------"
    # puts codigo
    # else
    #   session[:return_to] = request.request_uri
    #   redirect_to :controller => "login", :action =>"login"
    #   return false
    # end   
  def authAdministrador
    authenticate(ADMINISTRADOR)
  end
  
  def authCoordenador
    authenticate(COORDENADOR)
  end
  
  def authAluno
    self.authenticate(ALUNO)
  end
  
  def authTutor
    authenticate(TUTOR)
  end
  
  def authProfessor
    authenticate(PROFESSOR)
  end
  
  def authUsuario
    authenticate(USUARIO)
  end


end